9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Analysis

max time kernel
485s
max time network
604s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 09:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (5).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3068	triage - Copy (5).exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	4792	firefox.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
3068	triage - Copy (5).exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
3068	triage - Copy (5).exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
3068	triage - Copy (5).exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
3068	triage - Copy (5).exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 4792	1908	firefox.exe	87
PID 1908 wrote to memory of 4792	1908	firefox.exe	87
PID 1908 wrote to memory of 4792	1908	firefox.exe	87
PID 1908 wrote to memory of 4792	1908	firefox.exe	87
PID 1908 wrote to memory of 4792	1908	firefox.exe	87
PID 1908 wrote to memory of 4792	1908	firefox.exe	87
PID 1908 wrote to memory of 4792	1908	firefox.exe	87
PID 1908 wrote to memory of 4792	1908	firefox.exe	87
PID 1908 wrote to memory of 4792	1908	firefox.exe	87
PID 1908 wrote to memory of 4792	1908	firefox.exe	87
PID 1908 wrote to memory of 4792	1908	firefox.exe	87
PID 4792 wrote to memory of 4732	4792	firefox.exe	88
PID 4792 wrote to memory of 4732	4792	firefox.exe	88
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1316	4792	firefox.exe	89
PID 4792 wrote to memory of 1428	4792	firefox.exe	90
PID 4792 wrote to memory of 1428	4792	firefox.exe	90
PID 4792 wrote to memory of 1428	4792	firefox.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (5).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (5).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3068

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.0.880994874\1358151656" -parentBuildID 20221007134813 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {950d69b7-886f-47d7-9935-f703c1369f46} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 1964 1fe301fd058 gpu
    3⤵
    PID:4732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.1.792304545\1785906811" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca3d552f-d14b-417c-8be9-e259d547400f} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 2364 1fe3010cf58 socket
    3⤵
    - Checks processor information in registry
    PID:1316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.2.1646593006\329908456" -childID 1 -isForBrowser -prefsHandle 3156 -prefMapHandle 3152 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52f8238b-e735-45c5-8a2e-3f3d8dc7e35f} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 3168 1fe343ca358 tab
    3⤵
    PID:1428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.3.1798565925\556900815" -childID 2 -isForBrowser -prefsHandle 3424 -prefMapHandle 3448 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {21e3a6e3-2609-4e04-b5a4-ae7daf58353c} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 1100 1fe23a62558 tab
    3⤵
    PID:1108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.4.789053097\1816792177" -childID 3 -isForBrowser -prefsHandle 3628 -prefMapHandle 4428 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a974729-d38d-4e8a-ac8b-315475ff836d} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 4436 1fe360c9e58 tab
    3⤵
    PID:2984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.5.358752341\969401864" -childID 4 -isForBrowser -prefsHandle 5132 -prefMapHandle 5128 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08aa8a5a-3da6-4866-a6ad-fe6a4ced2730} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 5144 1fe23a30e58 tab
    3⤵
    PID:3048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.6.2086988036\517669741" -childID 5 -isForBrowser -prefsHandle 5300 -prefMapHandle 5304 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c5cf259-d5db-4107-b79e-ea1de58cc2d6} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 5164 1fe369e3f58 tab
    3⤵
    PID:3432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.7.1254900737\1189810382" -childID 6 -isForBrowser -prefsHandle 5492 -prefMapHandle 5496 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6c3a3c4-00e3-443d-bee3-c9dbbf05659d} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 5484 1fe369e4858 tab
    3⤵
    PID:1572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.8.967027173\71887384" -parentBuildID 20221007134813 -prefsHandle 5828 -prefMapHandle 5856 -prefsLen 26206 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f702645a-5c0c-4919-82d5-daef9eed80dd} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 5840 1fe359d9858 rdd
    3⤵
    PID:4348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.9.707493602\2046159035" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6008 -prefMapHandle 6004 -prefsLen 26206 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e99bb12e-b7bf-4354-8da6-774aa368c237} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 5996 1fe344bd058 utility
    3⤵
    PID:2604
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.10.1859262467\699944485" -childID 7 -isForBrowser -prefsHandle 6220 -prefMapHandle 6216 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {186359b4-0d88-49ed-a6d6-070fce580d31} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 6228 1fe339a0858 tab
    3⤵
    PID:868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.11.1427115213\1235050714" -childID 8 -isForBrowser -prefsHandle 6332 -prefMapHandle 2808 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e765391-e8f2-4e66-9e3a-aff70e05937e} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 6340 1fe38095f58 tab
    3⤵
    PID:5692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.12.2087157773\1531818459" -childID 9 -isForBrowser -prefsHandle 10024 -prefMapHandle 10020 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66625062-f746-40b7-a320-1373d2016119} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 10032 1fe38094458 tab
    3⤵
    PID:5700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.13.439992027\314616695" -childID 10 -isForBrowser -prefsHandle 5432 -prefMapHandle 5408 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ff9ba58-bce8-4841-82ae-3faecf22d11f} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 5416 1fe3601de58 tab
    3⤵
    PID:2116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.14.1841290043\2090275202" -childID 11 -isForBrowser -prefsHandle 10080 -prefMapHandle 10064 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f24764a-5f0c-44bd-bc53-0ad3a3494fac} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 10092 1fe360d8858 tab
    3⤵
    PID:5608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.15.523435260\760414142" -childID 12 -isForBrowser -prefsHandle 4648 -prefMapHandle 4868 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6e271d1-00ec-489d-9afc-c17d1fbb64e5} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 5616 1fe360d8258 tab
    3⤵
    PID:4384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.16.606145007\1466242628" -childID 13 -isForBrowser -prefsHandle 4884 -prefMapHandle 6216 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6347e4b-b2f4-4189-81fa-3f2141c05bdb} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 9580 1fe3439ce58 tab
    3⤵
    PID:372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\doomed\10575

Filesize
9KB

MD5
5868eef2a91ce09c5428cc1062626de0

SHA1
51efdb281e97bb4e03d9aaa6cf88289c8a81d7bd

SHA256
7a30982b6bffe951f32d186c49d32197b8029c62d607ea184a180dea5b45b3f0

SHA512
ff74f8e25017214086ae715fbc953588640fd8d6756dc1025169dc40d3fb4ffa5dcec8aeed7526210cd001eb5578ea86dd8f229f3a4ef93d675f424d23c23823

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\doomed\11472

Filesize
9KB

MD5
c051a1c9ebcf04b2d8ea0463a70a419f

SHA1
531ffe1b292e57713ff0d07b48a19e1c6179a55a

SHA256
bb6aca6c93195b206ea96a390132ea8434c1c9a3bae857af45c4746ea4f3cdd1

SHA512
8f6ad4d4e5b8f7edde13af381398a48a98d7931dd2e9837299a49f5f8eeb32f851643c4fb96e77681c91011360660d3867e3a5d72372317e73f6b6db97f3d92d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\doomed\3940

Filesize
9KB

MD5
ea3e889bd42a8593d63fc5eafbbaa182

SHA1
b80481444e4dfb84e1d7de500c3b7f167d1dcbb3

SHA256
108714935a4443c647a7fa507119df59a36cf2dd3da3574d947e7e7789592183

SHA512
63c274efd04d7f70733f668d6797948555c343cc5f2cbc53491be6fe643050c433fe4d412e598e51cd408b739edd4779e3d9d3838ccc6c6941215fa08c419b10

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
fcd84ccb8e44e7cc501caf95d45466b9

SHA1
47b79dd54c9fa3cb0cef4241ea2555d7454fbff1

SHA256
e504437c899c9a8be76f8f2f8bf20874fbddd2ad65aba3bda6bcb4f2dbcbcfc6

SHA512
3707504eeef49d0dee93b80a61c695f59b577a300d71ccf4d9994272e6c524e5b6bfec5ccc706d59c0c10c086c149d61a76a70516d080a45b3e7a9f63e55efd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
12KB

MD5
7a87766322af87363cd95e53a78af09c

SHA1
4e9a0cc89e7ece12fb87876febbfadc688a43785

SHA256
368ea5b4d717631eaeee15651b1a1b3e2ec83fec1d6459c8ad875b7b22ab8bcd

SHA512
0f660189a9f4ea2c1eb9d28481c67d7b8a921b0f6faa7e53fc151e76bdfb27c27e470861ca9f0d2c5ac4ead794300b2978abe305b80e112a96707a296da93a16

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
13KB

MD5
65d243bd94c9ef60ee001114dc688e8b

SHA1
f5615eff81596670bf7dc40be773927dc9faa01b

SHA256
90054da0cecf98a1d65f93d8450407b651a872f7714b7e6a82af414426e955ad

SHA512
abb6d375611b1e9aa69acd7f40ee8d3b1a20d1feacd52af27dcae310c8945b384b0d41d57cc19af75439dab7f4056abf1dc68950a21e61d76f5ff8e4230610f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
dfe3b31a92da177310be5c8d5822144f

SHA1
916c9fb06d027d609e096cad65567b308c296f82

SHA256
bad4e384a93ef73912df809d8716d96cfa3780e367aec88cfd5da4b06ad19af9

SHA512
e8aa17dba155f0327d11a37e6c261b2e6a046b78f1f4b4820b7f7e6dc1c1dd99fc33a87b5b34709ee14060c4e0569a521d159961d3b6b7ef573523597a43ad0a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
de8a37dad0f7306ab8ef91ca694170b9

SHA1
0c6b31b2cf6f9e5beaef1174f4675d999a17c4fb

SHA256
b41d0218db7ac3df4022f6c4a799e0797130be6bee420f4a479e54e524704022

SHA512
8434d7bceb0644d155569b1b59dd98d541fe5c2c3977c9a33ae309af067b8e756b6da976cfbee501be9d2b717b60f52053f2f798c4c4ba7f92aac701d6e161a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\982ff252-1a44-417a-b7d1-73816b695638

Filesize
10KB

MD5
6916d99f607c7410d0f06d8a96528f23

SHA1
38e84cdba84aad48c43b6910eaea1a81f53f31e3

SHA256
5a6c32f0f27d6e6cfd7af7f474f8e8df35f321fa1f1ecbf3f596388f1d1ddb7a

SHA512
c212631eb8942d0cbb24b725cb97454368556aa80958600d2ef085f91e44905b3a07499ac4e37e94c55c848c497ca44abbecc9850f2c13883c63c2b77ebcd6dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\d34491e9-313b-4506-8b8c-e554be65cae6

Filesize
746B

MD5
2e8919902af5d2d1eb790250f74c1dc4

SHA1
d1cc054cd6c7f99167d1d2db9f85c1ad81b0c8a5

SHA256
9952f07c3daf2dae6a5b08d6d598f6313d77c1cb00db7d1d685285d043bda72f

SHA512
a43eecbeae494dfc874b5eeb4359053660f20b36d522a34a24a66985f7d17998af24e15dce3ddb22f6a707eb4ad89a17b5daa757edff2dfa1fdaf017ea604ec5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\favicons.sqlite-wal

Filesize
352KB

MD5
7fbcd94aace2a49ed9f376ec452df386

SHA1
c5149ccb1b722888075a262d7253f0e0d9046d7c

SHA256
fa81c25e41f0049b30fae0eacd4969d2f1c29da44b5471bb6535b300a4fded3d

SHA512
30c5a978f0ce48005b77adb75a1ec12f9ee28589e05c3148338f13ca9b0a06ee67692a0280ed29266b8e365a67e40093e2486dfc63c967cc66197cb8ae62b31f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\places.sqlite

Filesize
5.0MB

MD5
20d84fbb418abe9d2546f1cd8d9c7b2d

SHA1
06bd86d74363854fa768377845a8fc6ae953eacd

SHA256
b35ac9ed0563965f3a584e9b91ed451392b5e6ab15ac7486f744dd2db5f4aae0

SHA512
72fd9ed53a2c9ad1adbccfa725a53f69aeacb48a894e25254ba92e9aa07361c38ec4652032dbff9ce17bd64b73a62641dea8d0a1f8751295e0fdac5f5f851ad8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\places.sqlite-wal

Filesize
2.3MB

MD5
eb36b444377f16fb7c3380c9c1014bac

SHA1
6c0b92f52a18502ef2c9a884194a2e4764699c48

SHA256
e11f86df87bce61e54326ad591d7923927360e0f60cba32e404850475308f15f

SHA512
67aad1f0e9763196cacbca48b15dfab66c097ec7c169149cd38c511ca5ef7b8f94988f568c74961bc400af09e1844bc78788bc1af938d63828c09fca0bf4252a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

Filesize
7KB

MD5
e1f714a6e4be8d8bbf684030f37a89b9

SHA1
3f910ef701f0a4174ddc44ed986d57f8d3648dd1

SHA256
957f845294cd6cb58039076b24d058620f568f4a7999ab4df7e10e8cc54ab4c8

SHA512
469965e3f9264b3787aa3e86d19002fce70d981573521dd4a1aa9dfbcc183159bb37a7a34aab67d482164c4845a382ddd92a67778af7366b1feaa1b038eb3a6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

Filesize
7KB

MD5
57881da7beaaaeaeb98cad475375e7ab

SHA1
81b4f324e9867454c9fd49a0ffed2f94e03b0ae9

SHA256
41840527feb766c9fa63b1f77a4100d850b523bdfa2e4d427be87d741c1e44e8

SHA512
a8c497c4a5302615a55ba3cf603cf795cb222d5a26e0a98f6ed0ee1c4866c15c58634c661c1e4a1929064e33c263ae772773b9dbd0dbcd60edf2cc07c229a91f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

Filesize
6KB

MD5
4bc2b66a7ff29cd0546819c48cabe3e9

SHA1
40684be009adbcfda076dcc9195bae6a63d0a5aa

SHA256
c8825a6c1cc6711b36e578858d0aa375ee54d066b9478a0aa61604f3d81cf99f

SHA512
8e687e7cf62169d58106589b0bfeb1ead6eb3adfd3e57299f832eb857364e53d979fdb5631ff51d6b936026005ed1c3138a518ff00fb868264627a041d99850a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

Filesize
6KB

MD5
238f9038145b347af324a400be4a671f

SHA1
9e254d2f375fb3b3658f4a1946f2fd8fb61f2fa2

SHA256
6b77a6eedde6a205ea27c549c99fe40ba2fac1ef50913dd9cfa5c6ecf28263a0

SHA512
bb503a8d276368d098295c1340f0ddf156e419535a694d76d65346b9b4b7cae21db23c531e9776e7db271c71bffd87e9a4170524742ab2678c09363e60b2b45d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

Filesize
6KB

MD5
b832e8e7b72c70aa1a966c620224e4e3

SHA1
a7c8d2cb0d87d0cb5e6470dd9654001a01c8dc27

SHA256
540b2fda091a9dadb7b558e9f986753edf76d9fbb809f5a772dc48da32684b82

SHA512
ee9721dd662ea1db11acc80f8b2be0f7908a733960e83ac4545b9916d3e1cd5d8ace67fbfb632724e46b97204fd3b09ea061ef2877ac3a364cbfc8142b8589a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs.js

Filesize
6KB

MD5
3757542595954d2b62bb1f298338638a

SHA1
8a274db410fa7aab09724ddda916990f3c241c27

SHA256
337e6c7b01e51856aea5a84db5064c1fde981d6d1c9d2fc51fd1f1811a661771

SHA512
f1c8b9f2d41c6f87584d5b8f3bd4b47ca5e2be3f6f2c3fc88fcd2c6123a6cc27b9daf4d84c37325e36693f6d42b1621d7c6d609545c844a11d004db2d1afc454

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
4b11579c88eedc9482ee1a18da2a507f

SHA1
64ff97033bf55ef427ee619db54564b31d1d45f4

SHA256
f66dbe39c2ef29539d814ae7095f8b07e1aae7870868597ae85b5c30f1e29397

SHA512
01c33843da84f323540bf3565d4709bf1a1a996c42a3141d5e59f3ba0445bfe3168b4f323ae381273f7aa0f38a21748c21de1e7d05a773d6fc5812666f0132e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
23e22b9c66b615dfadd211a3653dc991

SHA1
0fe69da2ade047faab782ded2c6d57ee563628d5

SHA256
833fc852285fb43ca7d90894d69f61e3816c6301d76fccecc297f55435236ac9

SHA512
fa983910c5943fe59156d7fa30b15b9e7021fc20c2433b2609841763b9b1083f50df7ddf862e13d1ded4cb2bcb671a0711e4860e7282e215d5bcb386cca78ea2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
8165a2ff38221dc5a05159214758682d

SHA1
93530cb245729fc9dcfe77d44f3b723d80c838e9

SHA256
a8054a8f04b9ac599ce5022eecdd1b2e022ada074af77f0feb12499f674b0eb3

SHA512
53fcab47a0bcf663ef03ca05c410d23add5d04afa308d575776259cfeda4c9c4779f9368c8d9e3e77ca78de9919fa991a06a2c276734499f887852b38d0a6709

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
1da7c27792afc4bd7caf697ecbe07d36

SHA1
8c8ea8af2e69fd845529a88cd740ea5956131d48

SHA256
5a43cd6137c7940f1df1a9b25703b601017829b4238fa2cc314836b56998af70

SHA512
c7aafeed2d70715cb5b9ac2b12bcd978168828dafe6a5c92b785c4ef13c2deeeadd594c7b44561af13fcc95a6b695be9b4faf0d8a98df9647d06e187f1d78825

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
5cede11ecec3dd89053b0fe11d2e4f3d

SHA1
6cfda8d363bd2750cd4a671a83eb21defc9789b1

SHA256
c981e47466f7d8972f2ebaefae5667420a3a4bdebfc6f3bcf42f77492a2136de

SHA512
df8ab58f90b7cf4d99f1c065ba20f0415d7dda7fd7d8f6877e075cf3f31a3cfd2777b4f454628eb8667b80ff345fe50c36ee4249541786b6bbfd4269246ac4d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
b8280e48141c6216e25c0f2d8c17826d

SHA1
b7d201d81384aaad83898373b68445410b91ab0d

SHA256
33db0cc30a0cc879b3816d097435977cc42e99e7b1c48f530b1ced3b227ba08c

SHA512
d9ccf2791b11235aba140d5439a3ce840a37bf536f54c32733c286dbeba6c03176cd805abe467d8144933f2b8da53f583dc3b5d459a48033634e5a7ff82871de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
8d1d1371c061384c7d97344ff1347bb7

SHA1
054292f5abe519d3ce5efd103b31bc56b3e5d8e0

SHA256
6bc954c09d312b4ba1a135ab80a1186317dd96ba73677b1747731eebd38bb7d8

SHA512
5b859052c3f74e402b8c9ef1f635aedc3b9f0fd4640edc434e7fbcfab660d527aac3d6b189dab984f61f9bcf886cc3780e16bafd28b3723701e1b70b7089f45e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
a7ebc3a55da7d6b57df47ed123c69753

SHA1
79d8e96375ba0ae165b91252e538bdfe2edee8ed

SHA256
dd746b52c84a545ed7c1ef1798ee89199335bc5b2d65bb7eec1bfc9eba41702c

SHA512
616eaffa8c50d7db046a8fd47d2d4f5c6408af20184e7fa618f153bc1f21bfedecfe9e203d411dd95c92ab3283903456e02663b5dc385fc9175da7fae31211d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
feacfeaa6370d0dd460a0609e1e1435e

SHA1
1463da69f34d0efa56e61d9dd55ac1f435237b5b

SHA256
d57b87db93a487d521c52be8e0d599fcfb17e8012f6066c303f4e48e92c3f439

SHA512
61097d4419f67e7b364a5f0f3a248d801e0bbff2283ffce8cb89a5d43309145288c20ce1a6620217c81256db7da81de7d184a0c7eb769ea237902a5abbe5782b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\targeting.snapshot.json

Filesize
3KB

MD5
c18cb8d92704191beeb31b2556c23bdd

SHA1
6e7683bbf46677336402e1871344aab9406ae370

SHA256
a50d43034421e6924273a984dba735a7b037d04080462eae0d68e46d0eb6386a

SHA512
63b2b0069bb84004216bfa7e35830bc8749c76bb7eb3577585f7586b67c219fad8ea7521da190ebc4f251166d45f0049e907d7eb849461081d0d77b1c3309752

Download Submit